7222 matches found
WordPress Uncanny Automator plugin <= 6.2 - Authenticated (Admin+) Server-Side Request Forgery via Webhook vulnerability
Authenticated (Admin+) Server-Side Request Forgery via Webhook vulnerability discovered by Francesco Carlucci in WordPress Plugin Uncanny Automator versions <= 6.2...
Server-side Request Forgery (SSRF)
Overview: org.webjars.bower:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to not setting allowAbsoluteUrls to false by default when processing a requested URL in buildFullPath. It may not b...
Server-side Request Forgery (SSRF)
Overview: org.webjars.bowergithub.axios:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to not setting allowAbsoluteUrls to false by default when processing a requested URL in buildFullPath. ...
SAP CRM and SAP S/4HANA Code Issue Vulnerability
SAP CRM and SAP S/4HANA are both products of SAP. SAP CRM is a customer relationship management system, and SAP S/4HANA is enterprise resource management software based on the SAP HANA in-memory database system. SAP CRM and SAP S/4HANA suffer from a server-side request forgery vulnerability, which stems fr...
Stoque Zeev.it Code Issue Vulnerability
Stoque Zeev.it is a workflow automation platform from Stoque, Inc. A code issue vulnerability exists in Stoque Zeev.it version 4.24, which stems from server-side request forgery and could lead to remote attacks...
IP Util Functions Library Security Vulnerability
IP Util Functions Library is a collection of intellectual property-related utilities by Sean Nelson, an individual developer. A security vulnerability exists in IP Util Functions Library version 2.4.0 and earlier, which stems from certain IP addresses being misclassified as globally routable,...
VulnCheck KEV: CVE-2021-39935
GitLab Community and Enterprise Editions contain a server-side request forgery vulnerability which could allow unauthorized external users to perform Server Side Requests via the CI Lint API...
XML External Entity (XXE) Injection
Overview: Affected versions of this package are vulnerable to XML External Entity (XXE) Injection over the bucket tagging endpoint. External entities referenced in an AccessControlPolicy XML document are resolved and retrieved. This allows attackers to perform server-side request forgery (SSRF) attack...
PT-2025-10613
Name of the Vulnerable Software and Affected Versions: autogpt-platform versions prior to autogpt-platform-beta-v0.4.2. Description: The issue is related to a server-side request forgery (SSRF) vulnerability inside the Send Web Request component. The root cause is that IPv6 addresses are not restricte...
LocalS3 Code Issue Vulnerability
LocalS3 is a Netty-based implementation of the Amazon S3 service by Luo's personal developer. A code issue vulnerability exists in LocalS3 versions prior to 1.21, which stems from the presence of an XML external entity injection vulnerability that could lead to a server-side request forgery attac...
AutoGPT Code Issue Vulnerability
AutoGPT is a tool from AutoGPT Open Source, used to enable everyone to use and build accessible AI. A code issue vulnerability exists in versions prior to AutoGPT autogpt-platform-beta-v0.4.2, which stems from a Send Web Request component that could lead to server-side request forgery...
How to Create a Scan for Server-Side Request Forgery
This whitepaper covers how to create a scan in Perl to identify server-side request forgery in web applications. Depending on the context of the environment and architecture, the content of the paper can be applied to APIs in addition to presenting how to correct or avoid SSRF problems at the cod...
Founder Electronics Enjoys All-Media Acquisition and Editing System Code Issue Vulnerability
Founder Electronics Enjoys All-Media Acquisition and Editing System is an all-media acquisition and editing system from Founder Electronics, a Chinese company. A code issue vulnerability exists in Founder Electronics Enjoys All-Media Acquisition and Editing System version 3.0, which stems from an...
CVE-2024-13924
The Starter Templates by FancyWP plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.0.0 via the 'http_request_host_is_external' filter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations...
WordPress plugin Starter Templates by FancyWP Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...
CVE-2024-53696
A server-side request forgery (SSRF) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read application data. We have already fixed the vulnerability in the following versions: QuLog Center...
GHSA-JR5F-V2JV-69X6 axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL
Summary: A previously reported issue in axios demonstrated that using protocol-relative URLs could lead to SSRF (Server-Side Request Forgery). Reference: axios/axios#6463. A similar problem that occurs when passing absolute URLs rather than protocol-relative URLs to axios has been identified. Even if...
QNAP Systems QTS, QNAP Systems QuTS hero and QNAP Systems QuLog Center Code Issue Vulnerability
QNAP Systems QuLog Center and others are products of QNAP Systems, Inc. QNAP Systems QuLog Center is a report field that records events reported by the system. QNAP Systems QTS is an entry-level operating system. QNAP Systems QuTS hero is an operating system...
WordPress plugin Platform.ly for WooCommerce Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue vulnerability exists i...
CVE-2025-27655
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Server-Side Request Forgery: CPA v1 V-2023-009...